Create a New Campaign

In Metasploit Pro, you create and run campaigns to perform social engineering attacks. A campaign contains the emails, web pages, and portable files that are necessary to run a social engineering attack against a group of targets. You can set up campaigns to perform phishing attacks, launch client-side exploits, run Java signed applets, generate executables for USB key drops, and send out emails with malicious attachments.

The campaign tracks the number of human targets that fall victim to the attack and presents the results in a social engineering report. You can read the report to review the metrics for the campaign, learn about remediation recommendations, and determine the effectiveness of the campaign. The campaign page shows real-time statistics that provide you with a high-level overview of the campaign results. For example, you can view the number of recipients who opened the email or filled out the web form in a phishing campaign.

A campaign is a logical grouping of the campaign components that you need to exploit or phish a group of people. A campaign can be comprised of the following campaign components: email, web page, or portable file. The components you add to the campaign depend on the purpose and goal of the social engineering attack.

Prerequisites

  • Email Server - A machine that acts as a mail transfer agent (MTA). Metasploit Pro does not provide an MTA for you to send email. You must supply Metasploit Pro with the SMTP settings for your mail server. Before you define the SMTP server, make sure that the port that your mail server uses is not blocked by the Metasploit instance. Generally, ports 25 and 587 are recommended SMTP ports.
  • Web Page - The web page that the target visits. Either a custom page or Metasploit Pro has the ability to clone a page.
  • Web Server - A machine that serves the web pages for the campaign. Metasploit Pro creates a web server locally to serve the web page.
  • Target List - A list that defines the targets that you want to email a phishing attack. This can be entered manually when setting up the campaign, or you can have a .csv formatted list available.

Campaign Restrictions

The following restrictions apply to campaigns:

  • A campaign can only contain one email.
  • A campaign you build with the canned phishing campaign can only contain one email and up to two web pages. One web page is used for the landing page, and the other web page is used for the redirect page. If you need additional redirect pages, do not use the built in phishing campaign to create a campaign, use the custom campaign builder instead.
  • Each instance of Metasploit Pro can only run one campaign at a time.

Basic Campaign Workflow

To create and launch a social engineering attack, there are a few general steps to follow. You can create a campaign and target lists in any order.

  1. Create a campaign.
  2. Upload or create your target lists.
  3. Add a campaign component, such as an email, web page, or file.
  4. Customize the campaign component.
  5. Configure any necessary servers.
  6. Run the campaign.
  7. View the campaign statistics to track the actions of the recipients.
  8. Stop the campaign.
  9. Generate a social engineering report.

Campaign Creation Walkthrough

In this walkthrough, we will focus on a standard phishing campaign. In this scenario, the email recipient will get a password reset email that includes a link to click. After clicking the link, they will be taken to a login page where any information they enter is collected.

  1. From within a project, select Campaigns from the “Tasks” menu.
  2. When the “Manage Campaigns” area appears, click the Configure a Campaign tab.
  3. When the “Configure a Campaign” area appears, enter a name for the campaign in the “Name” field.
  4. Choose Phishing Campaign.
    1. Metasploit Pro automatically creates a campaign that has the campaign components for a phishing attack. The phishing campaign contains an email component and two web page components that you configure to set up the landing page and the redirect page.

Configure Your Email Settings

Before sending out a phishing email, you should have a list of recipients available. Keep social engineering techniques in mind as you fill out these fields. Make sure you have a clear goal in mind when creating the email. For example, if you want to test how well your organization pays attention password reset requests, make the email seem real, but include noticeable mistakes.

To configure your server, click on E-email on the “Configure a Campaign” main page.

Email General Settings

Fill out the following fields:

  • Subject - Email subject for the recipient.
  • From address- Email address the recipient will see.
  • From name- The name the recipient will see in the form area.
  • Do not add tracking- If checked, emails that are opened will not be tracked.
  • Choose Target List - List of recipients. To use a .csv file, the headings must match the following:
    • email_address
    • first_name
    • last_name

Target Lists

To learn more about target lists, see Managing Target Lists

Email Content

The content page is where you will create the email. Using the built in attributes for first_name, last_name, email_address, and landing_page_link makes it easier to automatically populate information for the emails.

You can create emails using “Rich Text” or “Plain Text”. If you aren’t familiar with HTML, then using “Rich Text” will be easier. “Rich Text” takes away options such as background colors, images, and text formatting.

If you know HTML, using plain text will give you more options to customize the emails. You are not able to bring in external style sheets, but it accepts inline styling for elements.

Such as <p style=”color=blue;”>{{name}}.

You can configure the following options for your email:

  • Rich Text - Rich text editors are also known as WYSIWYG editors. The rich text editors provide a way to customize email without knowing how to code.
  • Plain Text - HTML editor.
  • Preview - An approximation of what the email will look like. This can vary depending on the email client and the browser.
  • Template - A reusable HTML shell that contains boilerplate that you can share between campaigns in a project. You can create and use a template to generate a web page or email content for a campaign. Add templates under Manage Reusable Resources.
  • Insert custom attribute - Add a custom attribute such as company_role. Add attributes under Manage Reusable Resources.

After adding the email form information and email body, click Save.

Configure Your Email Server

There are two ways to configure your email server. To use a single server for any emails sent from Metasploit Pro, you can configure it from the global settings. To use a different server for each campaign, configure the email from within the campaign.

Email Server

If you configure a server from within the campaign it will override the global mail server.

Any service can provide the mail server. You will need to have the information listed below for the server.

To configure your server, click on E-email Server on the “Configure a Campaign” main page.

You can configure the following options for your email server: While some fields are marked as required, it is best to make sure you have all the information for emails to be sent.

  • Host - Server host address.
  • Port - Server port.
  • Username - Email server username
  • Password - Email server password
  • Mail Domain - The domain name of the email. For example, mail.mybusiness.com
  • SMTP Auth Type :
    • plain
    • login
    • cram_md5
  • Force TLS (leave unchecked for STARTTLS)
  • Emails per batch - Number of emails to send in a batch.
  • Delay between batches - Delay between batches in seconds.

After configuring your email server, click Save.

Configure Your Landing Page

The landing page is where recipients will end up if they click on the link provided in the email. Your network should host the webpage. Metasploit Pro automatically provides the host configured on the project. Create a location on the host for the landing page to live on.

After they enter the form information, username, and password in this example, you can either have them land on the standard campaign page, or if you already have a page hosted, they can be redirected there on form submission.

To configure your landing page, click on Landing Page on the “Configure a Campaign” main page.

Landing Page Settings

Fill out the following fields:

  • Path - Website URL
  • After form submission, redirect to URL:
    • Redirect to custom URL.
    • Redirect to page standard Metasploit Pro page. This page can not be edited.
  • Save all user submitted data?
    • Save any data provided by the user. This can be usernames, passwords, or other information entered on the site.
    • Only record the information entered in the forms.

Landing Page Content

The landing page that loads after a user clicks on the email link can either be created by hand or an existing website can be cloned. If you have an existing login page hosted, you can enter the URL and clone it. If not, then you can create one from scratch with HTML. Here you can pull in external style sheets or use inline CSS.

You can configure the following options for your landing page content:

  • Edit - Edit the landing page using HTML.
  • Preview - An approximation of what the landing page will look like.
  • Template - Use an existing template. Add templates under Manage Reusable Resources.
  • Clone Website - Clone a website to use as a landing page. Use this to clone your existing landing page.
    • URL to clone - URL to copy
    • Strip JavaScript - Remove JavaScript during the clone operation.
    • Set referrer - A header that identifiers the address of the webpage. The webpage can see where the request originated.
    • Set user agent - A request header that contains a string that allows the network to identify the operating system, application type, and software version of the requesting agent.
    • Resolve relative URLs - A relative URL is only linked from that page. For example a “Back to Top” link or section links.

After adding the landing page, click Save.

Configure Your Redirect Page

After submitting form information, users can be sent to a final page.

To configure your redirect page click on Redirect Page on the “Configure a Campaign” main page.

Redirect Page Settings

Fill out the following field:

  • Path - The path the redirect page is on. This is where the email recipient will be redirected to after clicking submit on the form. It defaults to the host used when setting up the project.

Redirect Page Content

You can configure the following options for your redirect page:

  • Edit - Edit the HTML of the redirect site email recipients are sent to after entering form information.
  • Preview - Preview the entered HTML
  • Template- Use an existing webpage template.
  • Clone Website - Clone a website to use as a landing page. Use this to clone your existing landing page.
    • URL to clone - URL to copy
    • Strip JavaScript - Remove JavaScript during the clone operation.
    • Set referrer - A header that identifiers the address of the webpage. The webpage can see where the request originated.
    • Set user agent - A request header that contains a string that allows the network to identify the operating system, application type and software version of the requesting agent.
    • Resolve relative URLs - A relative URL is only linked from that page. For example a “Back to Top” link or section links.

After adding the redirect page, click Save.

Configure Your Web Server

The web server hosts the landing page recipients will be taken to after clicking the link in the email. Metasploit Pro will automatically populate the host’s information configured during project setup. You can use a different hostname, but it must resolve to the original one configured.

Fill out the following fields:

After configuring the web server, click Save.

Deploy Your Campaign

At this point, your campaign is ready. To recap, the basic setup is:

  1. A user receives a password reset email.
  2. The user then clicks on the reset link in the email.
  3. They are taken to a landing page with a form that asks them to enter information.
  4. After submitting the form, they are taken to a final redirect page.

To deploy your campaign, go to the “Manage Campaigns” screen and click Start.